-----Original Message----- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Knutson, Sam Sent: Tuesday, March 23, 2010 11:50 AM To: IBM-MAIN@bama.ua.edu Subject: Re: Encryption software?
We heard via the rumor mill a last summer that EKM support is going away and that we will have to migrate to TKLM or a competitive product in the future. The spectre of this occurring quickly was raised and then dismissed by our IBM team. We are among customers who use EKM for backend tape encryption and are not keen on moving to TKLM since EKM has been free with z/OS and TKLM is priced, requires DB2, etc. <snippage> We structure our DR process to insure we have the key data sets we need at DR to recover and resume operation. <snippage> Maybe a few of us are missing something here. If you go to a D/R site to test, your stand alone system start-up on tape can't be encrypted or you can't install that system, right? So, once the system is installed, you have specifically not backed up your certificate file/database so that the rest of the tapes are un-usable. Is that also correct? Now you need a way to get that information into your system, using some special knowledge (such as the password, or key code) that allows this repository to be installed making your cert file/database available. Is this also correct? I'm asking, because the product I work on only does encryption for data in flight. Data encrypted on DASD or tape is another animal entirely. Hence the silence from here. So wouldn't encrypted 'data at rest' be a "DFSMS" issue (or some third party that is somehow invoked to do this)? Which would be handled by the file / database situation to which I referred above. Now, because of export laws (being that encryption things are munitions as far as the US Gov't is concerned), as I understand the rules, we can't talk about particulars publicly. Which may also be another reason for the silence. Regards, Steve Thompson -- Opinions expressed by this poster may not reflect those held by poster's employer -- ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html